Sony Hack a 'National Security Matter'

But White House Says It's Too Early to Identify Culprit
Sony Hack a 'National Security Matter'

The White House says that it's treating the malware attack against Sony Pictures Entertainment and subsequent data leaks as a "national security matter." But the administration says it's too early in its investigation into the attack to definitively attribute the attacks to any particular group or nation state (see Sony Hack: North Korea to Blame?).

See Also: Gartner Market Guide for DFIR Retainer Services

"This is something that's being treated as a serious national security matter," White House Press Secretary Josh Earnest told reporters in a Dec. 18 briefing. "There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor. And it is being treated by those investigative agencies, both at the FBI and the Department of Justice, as seriously as you would expect."

The hacker attack against Sony has reportedly included data theft and, on Nov. 24, wiper malware being used to erase Sony data. That's been followed by ongoing data leaks and other threats against Sony Pictures Entertainment and its employees.

Earnest says the ongoing attack "has also been the subject of a number of daily meetings that have been convened here at the White House," led by homeland security adviser Lisa Monaco and cybersecurity coordinator Michael Daniel and including representatives from intelligence, diplomatic, military and law enforcement agencies.

A group that calls itself the Guardians of Peace has claimed credit for the attack against Sony Pictures, including the leaks of stolen data, which has included top Sony Pictures executives' Outlook e-mail spools. After "G.O.P." launched its attacks and began leaking data, however, the group then claimed it would stop the data leaks if Sony canceled its forthcoming comedy "The Interview," which centers on a tabloid TV reporting team that gets approached by the CIA to assassinate Kim Jong-un, who heads the Pyongyang-based communist dictatorship that rules North Korea.

After G.O.P. published a "terror" threat against movie theaters, U.S. theater chains announced that they would not show the film. Subsequently, Sony announced that it would shelve "The Interview" indefinitely, which has sparked a further backlash against the already beleaguered movie and television studio.

Investigation Still 'Progressing'

In response to questions about whether North Korea launched or sponsored the Sony attack, Earnest said that while the investigation is "progressing," he was not yet able to comment on that question, Reuters reports. But he said that the administration "would be mindful of the fact that we need a proportional response," and cautioned that the people behind these types of malicious attacks were "often seeking to provoke a response."

"They may believe that a response from us in one fashion or another would be advantageous to them," Earnest said, for example, by focusing international attention on their agenda, or increasing their standing with peers.

Ken Westin, a security analyst at information security vendor Tripwire, says it is premature to attribute the Sony hack to any specific group or nation. "FBI notices have been sent out stating specifically no connection has been made and that the investigation is still under way," he says.

While the White House and FBI say it's too soon to blame the hack attack against Sony Pictures - which is a subsidiary of Japanese multinational conglomerate Sony - on any particular group or actor, other government officials have nevertheless been sharing their own theories with multiple media outlets. "We have found linkage to the North Korean government," a "U.S. government source" tells NBC News, which reports that the attack against Sony appeared to have been launched from outside North Korea. But no evidence was supplied that might confirm any supposed linkage to Pyongyang having participated in or ordered up the attacks.

Information security experts, meanwhile, have warned against reading too much into any supposed "linkage" between the Sony hack and North Korea, or the fact that unnamed government sources told the New York Times that North Korea was "centrally involved" in the attack against Sony, saying such suppositions have yet to be confirmed by the release of any supporting facts. In fact, security experts warn, the information being cited by unnamed government officials at times seems to contradict suggestions of Pyongyang involvement.

"People don't seem to be reading past the headline or first couple of paragraphs," says attrition.org CEO and security expert Brian Martin, a.k.a. Jericho, in a blog post, referring to the New York Times report. "What seems like a strong, definitive piece falls apart and begins to contradict itself entirely halfway through the article."

Intelligence Not 100% Reliable

Furthermore, what one unnamed intelligence source believes may not square with another intelligence source, warns Jeffrey Carr, CEO of threat-intelligence sharing firm Gaia International. He says the intelligence community "is rarely unified when it comes to intelligence analysis; especially cyber-intelligence."

Carr and other security experts have also warned that whoever is sharing supposed Sony-related intelligence may also have a political agenda. "Cybersecurity has become an increasingly political topic thanks to recent NSA revelations and increased defense spending being allocated to cyber defense - and offense - not to mention issues of pirating, net neutrality, privacy and related topics, all of which the Sony breach touches on," Tripwire's Westin says.

Despite the lack of solid evidence that proves North Korea is responsible for the Sony attack, some commentators have been referring to the hack against Sony in military terms. Former Congressman Newt Gingrich, for example, claims that "with the Sony collapse America has lost its first cyberwar."

But security experts have cautioned against jumping to conclusions. "I've said it for a week, and I must say it again," Martin of attrition.org says. "How about we wait for actual evidence. ... Remember, North Korea is the same country that threatened the U.S. with a nuclear missile earlier this year. They like to rattle their saber at everyone, but it doesn't mean they actually did anything."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.